Inactive iexplorer.exe problem

Discussion in 'Malware and Virus Removal Archive' started by adamexsa, 2010/07/02.

  1. 2010/07/03
    adamexsa

    OTL logfile created on: 03/07/2010 04:56:30 - Run 2
    OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\Administrator\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 0000040D | Country: Israel | Language: HEB | Date Format: dd/MM/yyyy

    3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 82.00% Memory free
    5.00 Gb Paging File | 5.00 Gb Available in Paging File | 89.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 97.65 Gb Total Space | 28.64 Gb Free Space | 29.32% Space Free | Partition Type: NTFS
    Drive D: | 200.43 Gb Total Space | 141.59 Gb Free Space | 70.65% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: ANTON-220854676
    Current User Name: Administrator
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/07/03 04:14:23 | 000,867,892 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\SecurityCheck.exe
    PRC - [2010/07/03 03:21:04 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    PRC - [2010/06/26 20:17:53 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2010/06/26 20:17:53 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
    PRC - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2010/04/29 15:39:32 | 000,437,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2010/03/30 11:16:12 | 001,107,336 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
    PRC - [2010/01/22 09:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
    PRC - [2010/01/03 17:07:48 | 000,246,520 | ---- | M] () -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe
    PRC - [2009/02/05 13:43:26 | 000,068,136 | ---- | M] () -- C:\Program Files\Gigabyte\EasySaver\essvr.exe
    PRC - [2008/07/03 12:38:24 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2008/04/14 13:00:00 | 000,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cmd.exe
    PRC - [2005/12/13 10:03:20 | 000,801,280 | ---- | M] (Friendly Technologies) -- C:\Program Files\012Net\012Net-Cable dialer\FWPortal.exe
    PRC - [2005/08/11 14:18:10 | 000,083,608 | ---- | M] (Friendly Technologies) -- C:\Program Files\012Net\012Net-Cable dialer\fts.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/07/03 03:21:04 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    MOD - [2008/11/05 07:21:57 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5705_x-ww_36cfed49\comctl32.dll
    MOD - [2008/04/14 13:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- -- (ekrn)
    SRV - File not found [Auto | Stopped] -- -- (eins7295) Eset install launcher (7295)
    SRV - File not found [On_Demand | Stopped] -- -- (EhttpSrv)
    SRV - File not found [Auto | Stopped] -- -- (cmdAgent)
    SRV - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2010/03/30 11:16:12 | 001,107,336 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
    SRV - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2010/01/22 09:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
    SRV - [2010/01/03 17:07:48 | 000,246,520 | ---- | M] () [Auto | Running] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
    SRV - [2009/02/05 13:43:26 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE -- (ES lite Service)


    ========== Driver Services (SafeList) ==========

    DRV - [2010/07/03 04:54:21 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\gdrv.sys -- (gdrv)
    DRV - [2010/07/03 01:35:01 | 000,061,624 | ---- | M] (Prevx) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\pxrts.sys -- (pxrts)
    DRV - [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2010/03/26 21:49:28 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
    DRV - [2010/03/24 20:33:52 | 000,095,872 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
    DRV - [2010/03/24 20:31:06 | 000,114,984 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
    DRV - [2010/03/24 20:23:52 | 000,139,192 | ---- | M] (ESET) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
    DRV - [2010/03/01 10:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
    DRV - [2010/02/16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
    DRV - [2010/02/03 15:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
    DRV - [2010/02/01 12:28:20 | 000,024,504 | ---- | M] (Turtle Entertainment GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ESLvnic.sys -- (ESLvnic1)
    DRV - [2009/05/11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
    DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
    DRV - [2009/04/29 05:30:44 | 003,643,904 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2009/04/01 13:28:32 | 000,093,184 | R--- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
    DRV - [2008/10/30 15:14:20 | 000,117,888 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
    DRV - [2008/04/14 13:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2008/04/14 02:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2007/08/02 17:32:26 | 000,022,784 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dadder.sys -- (DAdderFltr)
    DRV - [2007/04/16 16:46:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
    DRV - [2005/11/03 07:50:48 | 001,391,296 | R--- | M] (C-Media Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cmudaxu.sys -- (cmudaxu)
    DRV - [2005/09/07 11:09:36 | 000,017,230 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Wirelecf.SYS -- (Wirelecf)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
    IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://il.msn.com/iat/us_il.aspx
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E8 F4 B2 BD D5 B0 CA 01 [binary data]
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultengine: "Ask.com "
    FF - prefs.js..browser.search.defaultenginename: "Ask.com "
    FF - prefs.js..browser.search.defaulturl: "http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch "
    FF - prefs.js..browser.search.order.1: "Ask.com "
    FF - prefs.js..browser.search.selectedEngine: "Ask.com "
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.ask.com?o=15788&l=dis "
    FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.6.6.117
    FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.5.8.6
    FF - prefs.js..extensions.enabledItems: illimitux@illimitux.net:4.0
    FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=IMB&o=15785&locale=en_US&apn_uid=BEB11100-3FDD-45AB-9674-BDAEE5E68E16&apn_ptnrs=HQ&apn_sauid=89B56A0A-BF91-4A96-9FC6-ECDC79E75127&apn_dtid=&q= "

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/01 23:03:30 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/26 20:17:56 | 000,000,000 | ---D | M]

    [2010/04/04 18:54:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
    [2010/07/01 21:15:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lyd6mmkz.default\extensions
    [2010/04/23 19:00:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lyd6mmkz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/05/01 13:25:22 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lyd6mmkz.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
    [2010/04/20 18:00:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lyd6mmkz.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
    [2010/06/21 23:43:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lyd6mmkz.default\extensions\illimitux@illimitux.net
    [2010/06/04 22:01:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lyd6mmkz.default\extensions\toolbar@ask.com
    [2010/07/02 20:00:50 | 000,002,555 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lyd6mmkz.default\searchplugins\askcom.xml
    [2010/04/04 18:53:51 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/04/20 19:43:27 | 000,002,191 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
    [2010/04/01 19:10:52 | 000,001,960 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\morfix-dic.xml
    [2010/04/01 19:10:52 | 000,001,008 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-he.xml

    O1 HOSTS File: ([2010/07/03 04:49:07 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll File not found
    O2 - BHO: (myBabylon English Toolbar) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyB1.dll (Conduit Ltd.)
    O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll File not found
    O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll File not found
    O3 - HKLM\..\Toolbar: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll File not found
    O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
    O3 - HKLM\..\Toolbar: (myBabylon English Toolbar) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyB1.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O4 - HKLM..\Run: [%FP%012-L2TP fts.exe] C:\Program Files\012Net\012Net-Cable dialer\fts.exe (Friendly Technologies)
    O4 - HKLM..\Run: [%FP%012-L2TP FWPortal.exe] C:\Program Files\012Net\012Net-Cable dialer\FWPortal.exe (Friendly Technologies)
    O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe File not found
    O4 - HKLM..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe File not found
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [PRISMSVR.EXE] File not found
    O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [WiFiCFG.EXE] C:\Program Files\802.11g USB2.0 adapter\WiFiCFG.EXE File not found
    O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
    O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
    O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O24 - Desktop Components:0 (Моя текущая домашняя страница) - About:Home
    O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll File not found
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - Reg Error: Key error. File not found
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/02/18 21:38:05 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/07/03 04:16:33 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010/07/03 03:21:03 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2010/07/03 02:35:50 | 001,013,584 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\Administrator\Desktop\TDSSKiller.exe
    [2010/07/03 01:40:00 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2010/07/03 01:36:01 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
    [2010/07/03 01:36:00 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
    [2010/07/03 01:36:00 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
    [2010/07/03 01:36:00 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
    [2010/07/03 01:36:00 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
    [2010/07/03 01:36:00 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
    [2010/07/03 01:36:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
    [2010/07/03 01:35:01 | 000,061,624 | ---- | C] (Prevx) -- C:\WINDOWS\System32\drivers\pxrts.sys
    [2010/07/03 01:34:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PrevxCSI
    [2010/07/03 01:18:28 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/07/03 01:04:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/07/03 00:38:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Help
    [2010/07/03 00:38:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Help
    [2010/07/02 20:02:31 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/07/02 20:02:30 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/07/02 20:02:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/07/02 05:09:31 | 000,000,000 | ---D | C] -- C:\VritualRoot
    [2010/07/02 05:09:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\COMODO
    [2010/07/02 05:03:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Comodo Downloader
    [2010/07/02 01:24:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
    [2010/07/02 01:06:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESET
    [2010/07/02 00:51:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    [2010/07/02 00:51:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
    [2010/07/02 00:17:25 | 000,000,000 | ---D | C] -- C:\Program Files\HijackThis
    [2010/07/01 23:46:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
    [2010/07/01 23:46:18 | 000,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
    [2010/07/01 22:24:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
    [2010/07/01 22:24:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/07/01 21:04:11 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
    [2010/07/01 20:21:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Yahoo!
    [2010/07/01 19:56:34 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
    [2010/07/01 19:38:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Threat Expert
    [2010/07/01 19:38:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\BS_Player
    [2010/07/01 19:38:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\AskToolbar
    [2010/07/01 19:38:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Zynga
    [2010/07/01 19:38:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\myBabylon_English
    [2010/07/01 19:38:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Conduit
    [2010/07/01 00:51:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2010/06/30 17:01:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
    [2010/06/30 17:01:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
    [2010/06/30 17:00:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2010/06/30 17:00:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\BS_Player
    [2010/06/30 17:00:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\AskToolbar
    [2010/06/30 17:00:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\myBabylon_English
    [2010/06/30 17:00:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Conduit
    [2010/06/30 17:00:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Zynga
    [2010/06/30 17:00:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Threat Expert
    [2010/06/30 00:35:49 | 000,000,000 | ---D | C] -- C:\Program Files\LittleFighter2
    [2010/06/29 20:27:27 | 005,341,184 | R--- | C] (C-Media Corporation) -- C:\WINDOWS\System\cmcnfgu.cpl
    [2010/06/29 20:27:27 | 000,917,504 | R--- | C] (C-Media Electronics Inc.) -- C:\WINDOWS\System\cmds3du.dll
    [2010/06/29 20:27:27 | 000,098,304 | R--- | C] (C-Media) -- C:\WINDOWS\System32\cmudau.dll
    [2010/06/29 20:27:26 | 000,016,384 | R--- | C] (C-Media Corporation) -- C:\WINDOWS\System32\cmpropu.dll
    [2010/06/29 19:33:50 | 000,000,000 | ---D | C] -- C:\Program Files\Steel Sound 5H USB
    [2010/06/28 18:06:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\AdobeStockPhotos
    [2010/06/28 01:43:35 | 003,170,352 | ---- | C] (Wizet) -- C:\ProMS.exe
    [2010/06/25 01:53:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
    [2010/06/10 11:50:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sony
    [2010/06/10 11:50:27 | 000,000,000 | ---D | C] -- C:\Program Files\Sony
    [2010/06/04 23:04:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\RTCOM
    [2010/05/30 20:24:14 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
    [2010/05/30 20:24:07 | 000,031,104 | ---- | C] (Cypress Semiconductor) -- C:\WINDOWS\System32\drivers\CYUSB.sys
    [2010/05/30 20:24:07 | 000,022,784 | ---- | C] (Razer (Asia-Pacific) Pte Ltd) -- C:\WINDOWS\System32\drivers\dadder.sys
    [2010/05/07 15:49:35 | 007,909,376 | ---- | C] (Wizet) -- C:\GM-Client.exe
    [2010/05/07 12:28:19 | 007,909,376 | ---- | C] (Wizet) -- C:\ChilliStory.exe
    [2010/05/07 12:12:20 | 000,000,000 | ---D | C] -- C:\IcyMs
    [2010/05/03 00:17:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
    [2010/04/27 14:23:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\AskToolbar
    [2010/04/27 14:22:46 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
    [2010/04/24 22:07:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\הקבצים שלי שהתקבלו
    [2010/04/24 21:57:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Tracing
    [2010/04/24 21:57:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
    [2010/04/24 21:56:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
    [2010/04/24 21:56:43 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
    [2010/04/24 21:56:19 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
    [2010/04/24 21:51:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
    [2010/04/23 22:38:14 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
    [2010/04/23 22:38:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
    [2010/04/23 22:38:02 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
    [2010/04/23 22:38:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
    [2010/04/23 14:52:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\LogMeIn Hamachi
    [2010/04/23 14:52:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\LogMeIn Hamachi
    [2010/04/23 14:51:57 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi
    [2010/04/23 11:45:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
    [2010/04/20 19:43:30 | 000,000,000 | ---D | C] -- C:\Program Files\myBabylon_English
    [2010/04/20 19:37:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\FlashFXP
    [2010/04/20 18:00:04 | 000,000,000 | ---D | C] -- C:\Program Files\AskBarDis
    [2010/04/20 18:00:01 | 000,000,000 | ---D | C] -- C:\Program Files\FlashFXP
    [2010/04/20 18:00:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FlashFXP
    [2010/04/19 22:43:29 | 000,000,000 | ---D | C] -- C:\Nexon
    [2010/04/19 22:43:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NexonUS
    [2010/04/19 20:49:14 | 000,000,000 | ---D | C] -- C:\Program Files\Pando Networks
    [2010/04/18 22:45:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Updater
    [2010/04/18 22:32:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
    [2010/04/18 22:31:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Adobe PDF
    [2010/04/18 22:30:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe Systems
    [2010/04/18 22:30:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe Systems Shared
    [2010/04/18 22:29:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
    [2010/04/18 22:29:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
    [2010/04/18 22:29:33 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
    [2010/04/17 23:34:09 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
    [2010/04/17 23:34:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2010/04/16 03:00:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
    [2010/04/16 03:00:15 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
    [2010/04/15 16:58:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
    [2010/04/13 19:35:36 | 000,000,000 | ---D | C] -- C:\fd
    [2010/04/10 12:14:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\cache
    [2010/04/07 19:38:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
    [2010/04/07 19:38:05 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
    [2010/04/07 19:38:05 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
    [2010/04/07 18:16:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Threat Expert
    [2010/04/07 18:08:41 | 001,652,664 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
    [2010/04/07 18:08:41 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
    [2010/04/07 18:08:41 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
    [2010/04/07 18:02:27 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
    [2010/04/07 16:30:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\FullTiltPoker
    [2010/04/07 14:54:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
    [2010/04/07 14:54:02 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
    [2010/04/07 14:54:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Yahoo!
    [2010/04/07 14:54:00 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2010/04/05 18:48:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads
    [2010/04/05 16:21:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\FTL Shared
    [2010/04/05 16:21:36 | 000,000,000 | ---D | C] -- C:\Program Files\012Net
    [2010/04/04 18:53:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
    [2010/04/04 18:53:51 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

    ========== Files - Modified Within 90 Days ==========

    [2010/07/03 05:01:00 | 000,000,250 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
    [2010/07/03 04:58:42 | 000,526,118 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/07/03 04:58:42 | 000,443,480 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/07/03 04:58:42 | 000,072,456 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/07/03 04:55:09 | 000,167,952 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
    [2010/07/03 04:55:00 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/07/03 04:54:07 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/07/03 04:54:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/07/03 04:53:24 | 004,980,736 | ---- | M] () -- C:\Documents and Settings\Administrator\ntuser.dat
    [2010/07/03 04:53:24 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
    [2010/07/03 04:49:07 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
    [2010/07/03 04:14:23 | 000,867,892 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\SecurityCheck.exe
    [2010/07/03 03:21:15 | 009,606,994 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
    [2010/07/03 03:21:04 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2010/07/03 01:36:11 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
    [2010/07/03 01:35:01 | 000,061,624 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxrts.sys
    [2010/07/03 01:34:57 | 000,000,051 | ---- | M] () -- C:\WINDOWS\wininit.ini
    [2010/07/03 01:26:04 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/07/03 01:18:35 | 000,000,293 | RHS- | M] () -- C:\boot.ini
    [2010/07/02 20:02:33 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/07/02 01:17:41 | 000,319,840 | ---- | M] () -- C:\WINDOWS\eins1326.dll
    [2010/07/01 22:41:58 | 000,000,560 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/07/01 22:41:58 | 000,000,223 | ---- | M] () -- C:\Boot.bak
    [2010/07/01 22:23:18 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2010/06/30 17:25:08 | 001,013,584 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\Administrator\Desktop\TDSSKiller.exe
    [2010/06/30 00:35:58 | 000,000,809 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Little Fighter 2.lnk
    [2010/06/28 18:07:43 | 000,101,893 | ---- | M] () -- C:\Documents and Settings\Administrator\AdobeFnt10.lst
    [2010/06/22 19:05:04 | 000,002,269 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
    [2010/06/11 03:22:28 | 000,158,752 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/06/11 03:06:19 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/06/10 13:44:36 | 000,000,213 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Team Fortress 2.url
    [2010/06/08 04:16:01 | 000,763,832 | ---- | M] () -- C:\WINDOWS\BDTSupport.dll
    [2010/06/08 02:21:02 | 001,652,664 | ---- | M] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
    [2010/05/31 05:41:56 | 000,000,103 | ---- | M] () -- C:\KiKi.cfg
    [2010/05/20 18:54:13 | 000,000,101 | ---- | M] () -- C:\settings.ini
    [2010/05/18 21:12:38 | 000,000,047 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\long
    [2010/05/14 23:35:51 | 000,000,626 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\mIRC.lnk
    [2010/05/10 22:27:45 | 003,150,944 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\castrations.wmv
    [2010/05/07 12:27:54 | 002,948,786 | ---- | M] () -- C:\ChilliStory.rar
    [2010/05/07 12:27:15 | 010,444,702 | ---- | M] () -- C:\ChilliStoru_Item_Patch2.rar
    [2010/05/07 12:20:23 | 000,017,925 | ---- | M] () -- C:\ProMS20100507122023.dmp
    [2010/05/07 12:02:20 | 000,017,925 | ---- | M] () -- C:\ProMS20100507120220.dmp
    [2010/05/01 03:38:18 | 000,000,158 | ---- | M] () -- C:\ShockMS.zip
    [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/04/27 14:23:05 | 000,001,546 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
    [2010/04/26 21:34:05 | 000,000,664 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk
    [2010/04/24 21:57:34 | 000,027,848 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    [2010/04/18 22:31:18 | 000,000,988 | ---- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Adobe Gamma.lnk
    [2010/04/18 22:26:57 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
    [2010/04/17 23:14:31 | 000,001,614 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Counter-Strike.lnk
    [2010/04/17 11:27:47 | 004,753,169 | ---- | M] () -- C:\SkIdRow.jc2.rar
    [2010/04/17 09:24:09 | 006,254,737 | ---- | M] () -- C:\PC4-FiLES.rld.rar
    [2010/04/17 09:23:08 | 004,003,483 | ---- | M] () -- C:\crk.rld.jc2.rar
    [2010/04/15 14:02:44 | 016,266,486 | ---- | M] () -- C:\Item.wz
    [2010/04/15 00:14:04 | 000,007,680 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/04/13 16:20:43 | 005,890,371 | ---- | M] () -- C:\fnatic-vs-sk-dust2-1004110119-de_dust2.rar
    [2010/04/07 14:54:01 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\CCleaner.lnk
    [2010/04/07 09:53:12 | 000,000,050 | ---- | M] () -- C:\ChilliStory.bat
    [2010/04/04 19:12:43 | 000,002,021 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Assassin's Creed II.lnk
    [2010/04/04 18:53:54 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
    [2010/04/04 18:53:52 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2010/04/04 18:53:52 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

    ========== Files Created - No Company Name ==========

    [2010/07/03 04:14:20 | 000,867,892 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\SecurityCheck.exe
    [2010/07/03 01:36:11 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
    [2010/07/03 01:18:35 | 000,000,223 | ---- | C] () -- C:\Boot.bak
    [2010/07/03 01:18:32 | 000,260,272 | ---- | C] () -- C:\cmldr
    [2010/07/02 20:02:33 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/07/02 01:17:41 | 000,319,840 | ---- | C] () -- C:\WINDOWS\eins1326.dll
    [2010/07/02 00:26:35 | 000,000,051 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2010/06/29 20:27:47 | 000,000,482 | R--- | C] () -- C:\WINDOWS\System\CmcnfgU.ini
    [2010/06/29 20:27:27 | 000,061,440 | R--- | C] () -- C:\WINDOWS\System\cmsnxeye.exe
    [2010/06/29 20:27:18 | 000,002,563 | R--- | C] () -- C:\WINDOWS\Cmudau.ini
    [2010/06/29 19:33:51 | 000,004,286 | R--- | C] () -- C:\WINDOWS\control.ico
    [2010/06/29 19:33:51 | 000,001,150 | R--- | C] () -- C:\WINDOWS\tray.ico
    [2010/06/28 18:07:43 | 000,101,893 | ---- | C] () -- C:\Documents and Settings\Administrator\AdobeFnt10.lst
    [2010/06/28 01:43:35 | 000,000,101 | ---- | C] () -- C:\settings.ini
    [2010/06/10 13:44:36 | 000,000,213 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Team Fortress 2.url
    [2010/05/14 23:35:51 | 000,000,626 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\mIRC.lnk
    [2010/05/13 12:30:00 | 000,000,047 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\long
    [2010/05/12 03:00:17 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
    [2010/05/10 22:27:18 | 003,150,944 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\castrations.wmv
    [2010/05/07 12:28:19 | 000,000,050 | ---- | C] () -- C:\ChilliStory.bat
    [2010/05/07 12:27:43 | 002,948,786 | ---- | C] () -- C:\ChilliStory.rar
    [2010/05/07 12:27:15 | 010,444,702 | ---- | C] () -- C:\ChilliStoru_Item_Patch2.rar
    [2010/05/07 12:20:23 | 000,017,925 | ---- | C] () -- C:\ProMS20100507122023.dmp
    [2010/05/07 12:02:20 | 000,017,925 | ---- | C] () -- C:\ProMS20100507120220.dmp
    [2010/04/27 14:22:53 | 000,000,250 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
    [2010/04/18 22:31:18 | 000,000,988 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Adobe Gamma.lnk
    [2010/04/15 17:13:18 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
    [2010/04/13 16:20:43 | 005,890,371 | ---- | C] () -- C:\fnatic-vs-sk-dust2-1004110119-de_dust2.rar
    [2010/04/07 18:08:41 | 001,152,444 | ---- | C] () -- C:\WINDOWS\UDB.zip
    [2010/04/07 18:08:41 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll.old
    [2010/04/07 18:08:41 | 000,763,832 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
    [2010/04/07 18:08:41 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
    [2010/04/07 18:08:41 | 000,000,879 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
    [2010/04/07 18:08:41 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
    [2010/04/07 14:54:01 | 000,001,548 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\CCleaner.lnk
    [2010/04/05 16:21:27 | 000,011,264 | ---- | C] () -- C:\WINDOWS\icfutil.exe
    [2010/04/05 16:21:27 | 000,001,536 | ---- | C] () -- C:\WINDOWS\RunHiddenConsole.exe
    [2010/04/04 18:53:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2010/04/04 18:53:52 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2010/04/04 18:53:52 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2010/04/01 12:09:21 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\cmdrvrmu.dll
    [2010/03/07 18:32:42 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
    [2010/02/18 21:55:25 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2010/02/18 21:33:42 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
    [2010/02/18 21:33:41 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
    [2010/02/18 21:33:41 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
    [2005/09/07 11:09:36 | 000,017,230 | ---- | C] () -- C:\WINDOWS\System32\drivers\Wirelecf.SYS
    [1993/07/24 02:31:02 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\msvcrt10.dll

    ========== LOP Check ==========

    [2010/03/04 15:26:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\abgx360
    [2010/06/10 11:49:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\BSplayer
    [2010/03/22 23:28:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\BSplayer Pro
    [2010/03/26 22:06:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools Lite
    [2010/03/26 21:54:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools Pro
    [2010/02/24 19:12:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DNA
    [2010/04/20 19:37:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FlashFXP
    [2010/07/03 02:01:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ICQ
    [2010/03/03 11:34:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ImgBurn
    [2010/03/27 02:15:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Nexon
    [2010/03/06 19:20:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Octoshape
    [2010/03/02 23:59:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Publish Providers
    [2010/03/02 23:59:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Sony
    [2010/05/14 17:36:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TS3Client
    [2010/03/25 18:13:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Ubisoft
    [2010/02/18 21:50:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Desktop Search
    [2010/02/18 22:08:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Search
    [2010/07/01 22:23:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2010/04/17 23:28:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2010/03/26 22:03:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
    [2010/03/26 21:49:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
    [2010/07/02 01:06:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
    [2010/04/20 18:00:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FlashFXP
    [2010/03/04 16:14:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ICQ
    [2010/04/19 22:43:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
    [2010/07/03 01:35:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PrevxCSI
    [2010/07/03 02:13:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
    [2010/06/10 11:50:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
    [2010/07/03 04:54:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2010/06/28 22:06:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TrackMania
    [2010/03/25 18:13:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft
    [2010/07/03 05:01:00 | 000,000,250 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

    ========== Purity Check ==========



    ========== Files - Unicode (All) ==========
    [2010/02/18 21:48:15 | 000,000,079 | ---- | M] ()(C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\???????? ??? ????.scf) -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Свернуть все окна.scf
    [2010/02/18 21:48:15 | 000,000,079 | ---- | C] ()(C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\???????? ??? ????.scf) -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Свернуть все окна.scf

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:888AFB86
    @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
    < End of report >
     
  2. 2010/07/03
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Why isn't your Avira up to date?

    OTL fix didn't work. I believe you missed a "colon" in front of OTL (first line in my script - reply #18) while copying the script, or you copied the script from your email notification, not from my post.
    Either way, please re-do.
     

  4. 2010/07/03
    adamexsa

    adamexsa Inactive Thread Starter

    Joined:
    2010/07/02
    Messages:
    20
    Likes Received:
    0
    :OTL
    SRV - File not found [Auto | Stopped] -- -- (ekrn)
    SRV - File not found [Auto | Stopped] -- -- (eins7295) Eset install launcher (7295)
    SRV - File not found [On_Demand | Stopped] -- -- (EhttpSrv)
    SRV - File not found [Auto | Stopped] -- -- (cmdAgent)
    DRV - [2010/03/24 20:33:52 | 000,095,872 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
    DRV - [2010/03/24 20:31:06 | 000,114,984 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
    DRV - [2010/03/24 20:23:52 | 000,139,192 | ---- | M] (ESET) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
    IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe File not found
    O4 - HKLM..\Run: [PRISMSVR.EXE] File not found
    O4 - HKLM..\Run: [WiFiCFG.EXE] C:\Program Files\802.11g USB2.0 adapter\WiFiCFG.EXE File not found
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
    O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll File not found
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - Reg Error: Key error. File not found
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    [2010/07/02 05:09:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\COMODO
    [2010/07/02 05:03:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Comodo Downloader
    [2010/07/02 01:06:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESET
    [2010/04/23 22:38:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
    [2010/04/23 22:38:02 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
    [2010/04/23 22:38:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
    [2010/04/17 23:28:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2010/07/01 22:23:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2010/07/02 01:06:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
    @Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:888AFB86
    @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8

    :Services

    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" =dword:00000001

    :Files

    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [resethosts]
    [Reboot]


    I copied that to the OTL and then when I start the fix check it's stuck
     
  5. 2010/07/03
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Delete your OTL file, download a fresh one and try again.
     
  6. 2010/07/03
    adamexsa

    adamexsa Inactive Thread Starter

    Joined:
    2010/07/02
    Messages:
    20
    Likes Received:
    0
    All processes killed
    ========== OTL ==========
    Service ekrn stopped successfully!
    Service ekrn deleted successfully!
    Error: No service named eins7295) Eset install launcher (7295 was found to stop!
    Service\Driver key eins7295) Eset install launcher (7295 not found.
    Service EhttpSrv stopped successfully!
    Service EhttpSrv deleted successfully!
    Service cmdAgent stopped successfully!
    Service cmdAgent deleted successfully!
    Error: Unable to stop service epfwtdir!
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\epfwtdir deleted successfully.
    C:\WINDOWS\system32\drivers\epfwtdir.sys moved successfully.
    Error: Unable to stop service ehdrv!
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ehdrv deleted successfully.
    C:\WINDOWS\system32\drivers\ehdrv.sys moved successfully.
    Service eamon stopped successfully!
    Service eamon deleted successfully!
    C:\WINDOWS\system32\drivers\eamon.sys moved successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\COMODO Internet Security deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\PRISMSVR.EXE deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\WiFiCFG.EXE deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype-ie-addon-data\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91774881-D725-4E58-B298-07617B9B86A8}\ deleted successfully.
    File {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{56F9679E-7826-4C84-81F3-532071A8BCC5} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56F9679E-7826-4C84-81F3-532071A8BCC5}\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
    C:\Documents and Settings\All Users\Application Data\COMODO\tmp folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\COMODO\Firewall Pro folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\COMODO folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Comodo Downloader folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\ESET\ESET NOD32 Antivirus\Updfiles folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\ESET\ESET NOD32 Antivirus\SysInspector folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\ESET\ESET NOD32 Antivirus\SupportRequests folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\ESET\ESET NOD32 Antivirus\Stats folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\ESET\ESET NOD32 Antivirus\Oldfiles folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\ESET\ESET NOD32 Antivirus\Logs\eScan folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\ESET\ESET NOD32 Antivirus\Logs folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\ESET\ESET NOD32 Antivirus\Installer folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\ESET\ESET NOD32 Antivirus\Charon folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\ESET\ESET NOD32 Antivirus folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\ESET folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Norton\{086A63F0-6B13-4F29-9695-134E7A01E963} folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Norton\00000082\00000109\000003c6 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Norton\00000082\00000109 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Norton\00000082 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Norton folder moved successfully.
    C:\Program Files\NortonInstaller folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\NortonInstaller\Logs\2010-07-02-00h41m36s folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\NortonInstaller\Logs\2010-07-02-00h41m05s folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\NortonInstaller\Logs folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\NortonInstaller folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\avg9\Log folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\avg9 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Alwil Software folder moved successfully.
    Folder C:\Documents and Settings\All Users\Application Data\ESET\ not found.
    Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 .
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:888AFB86 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8 deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\\ "EnableFirewall" |dword:00000001 /E : value set successfully!
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 2435 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 22900059 bytes
    ->Flash cache emptied: 434 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService
    ->Temporary Internet Files folder emptied: 1658235 bytes
    ->Flash cache emptied: 405 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 140320 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 16875 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 1326324 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 25.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb

    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    OTL by OldTimer - Version 3.2.7.0 log created on 07032010_053655

    Files\Folders moved on Reboot...
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\6JXKKTEW\st[1] moved successfully.
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\6JXKKTEW\st[2] moved successfully.
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\6JXKKTEW\st[3] moved successfully.
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\6JXKKTEW\st[4] moved successfully.

    Registry entries deleted on Reboot...
     
  7. 2010/07/03
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Very good :)
    How are the issues?
     
  8. 2010/07/03
    adamexsa

    adamexsa Inactive Thread Starter

    Joined:
    2010/07/02
    Messages:
    20
    Likes Received:
    0
    mm, iexplore.exe is still shown twice in Task Manager,
    but the real problem is when I log in to Steam and
    then the problems pop up.
     
  9. 2010/07/03
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Download Bootkit Remover to your Desktop.

    • You then need to extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. If you don't have an extraction program, you can use 7-Zip: http://www.7-zip.org/
    • After extracting remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users, right click on remover.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
     
  10. 2010/07/04
    adamexsa

    adamexsa Inactive Thread Starter

    Joined:
    2010/07/02
    Messages:
    20
    Likes Received:
    0
    Bootkit Remover version 1.0.0.1
    (c) 2009 eSage Lab
    www.esagelab.com

    \\.\C: -> \\.\PhysicalDrive0
    MD5: aac7d8a98e39dfde27285ef395e66821
    \\.\D: -> \\.\PhysicalDrive0

    Size Device Name MBR Status
    --------------------------------------------
    298 GB \\.\PhysicalDrive0 Unknown boot code

    Unknown boot code has been found on some of your physical disks.
    To inspect the boot code manually, dump the master boot sector:
    remover.exe dump <device_name> [output_file]
    To disinfect the master boot sector, use the following command:
    remover.exe fix <device_name>


    Press any key to quit...
     
  11. 2010/07/04
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    OK, your MBR is infected.

    Open Notepad
    Copy and paste following text into Notepad:
    Code:
    @ECHO OFF
    START remover.exe fix \\.\PhysicalDrive0
    EXIT
    Go to FILE > SAVE AS and in the SAVE AS TYPE dropdown box select ALL FILES.
    Then in the FILE NAME box type fix.bat.
    Save fix.bat to your Desktop.

    Run fix.bat by double clicking.
    You may see a black box appear; this is normal.

    When done, run remover.exe again and post its output.
     
  12. 2010/07/04
    adamexsa

    adamexsa Inactive Thread Starter

    Joined:
    2010/07/02
    Messages:
    20
    Likes Received:
    0
    @ECHO OFF
    START remover.exe fix \\.\PhysicalDrive0
    EXIT
     
  13. 2010/07/04
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You did something wrong. This is just my script.
    Please, re-read my last instructions.
     
  14. 2010/07/04
    adamexsa

    adamexsa Inactive Thread Starter

    Joined:
    2010/07/02
    Messages:
    20
    Likes Received:
    0
    Bootkit Remover version 1.0.0.1
    (c) 2009 eSage Lab
    www.esagelab.com

    \\.\C: -> \\.\PhysicalDrive0
    MD5: 6def5ffcbcdbdb4082f1015625e597bd
    \\.\D: -> \\.\PhysicalDrive0

    Size Device Name MBR Status
    --------------------------------------------
    298 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


    Press any key to quit...


    ------
    by the way there is a problem with my sound sometimes on control panel the "WAVE" is going down
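The manual inspection that the tool's output suggests (`remover.exe dump <device_name> [output_file]`), sketched as an added example that is not part of the original thread or of Bootkit Remover: it parses two dumped boot sectors and reports whether the boot code or the partition table changed between them. It assumes each dump file is the raw 512-byte sector 0; the hashed byte range (0 to 439) is an assumption and need not reproduce the MD5 the tool prints, and the sample sectors are constructed.

```python
import hashlib
import struct
import sys

SECTOR_SIZE = 512
CODE_LEN = 440      # boot code; bytes 440-443 hold the Windows disk signature
TABLE_OFFSET = 446  # four 16-byte partition entries, then the 0x55AA signature
ENTRY = struct.Struct("<B3sB3sII")  # status, CHS start, type, CHS end, LBA start, sectors

def parse_mbr(sector: bytes) -> dict:
    """Split one dumped sector 0 into a boot-code hash and its partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        status, _, ptype, _, lba, count = ENTRY.unpack_from(sector, TABLE_OFFSET + 16 * i)
        if ptype:  # type 0 marks an unused slot
            partitions.append({"slot": i, "active": status == 0x80, "type": ptype,
                               "lba_start": lba, "sectors": count})
    return {"code_md5": hashlib.md5(sector[:CODE_LEN]).hexdigest(),
            "partitions": partitions}

def compare_dumps(before: bytes, after: bytes) -> dict:
    """Report what differs between two dumps of the same disk."""
    a, b = parse_mbr(before), parse_mbr(after)
    return {"boot_code_changed": a["code_md5"] != b["code_md5"],
            "partition_table_changed": a["partitions"] != b["partitions"],
            "disk_signature_changed": before[440:444] != after[440:444]}

def constructed_sector(code: bytes) -> bytes:
    """Constructed sample: one active NTFS (0x07) partition starting at LBA 63."""
    entry = ENTRY.pack(0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff", 63, 204800)
    head = code.ljust(CODE_LEN, b"\x00") + b"\x12\x34\x56\x78" + b"\x00\x00"
    return head + entry + b"\x00" * 48 + b"\x55\xaa"

if __name__ == "__main__":
    if len(sys.argv) == 3:  # two dump files: before.bin after.bin
        with open(sys.argv[1], "rb") as f1, open(sys.argv[2], "rb") as f2:
            print(compare_dumps(f1.read(), f2.read()))
    else:  # no files given: run on the constructed samples
        print(compare_dumps(constructed_sector(b"\xde\xad placeholder"),
                            constructed_sector(b"\x33\xc0\x8e\xd0")))
```

A changed boot code with an unchanged partition table is the result to expect when only the boot code was rewritten; a changed partition table after a fix needs a closer look before rebooting.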
     
  15. 2010/07/04
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    The log looks good :)
    Please restart the computer and see if you still have the "iexplore.exe" issue.
     
  16. 2010/07/04
    adamexsa

    adamexsa Inactive Thread Starter

    Joined:
    2010/07/02
    Messages:
    20
    Likes Received:
    0
    For now all good, thank you a lot :)
     
  17. 2010/07/04
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Very good :)
    Let me scroll through our topic, so I can see where we stand.
     
  18. 2010/07/04
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    OK...

    1. Download Temp File Cleaner (TFC)
    Double click on TFC.exe to run the program.
    Click on Start button to begin cleaning process.
    TFC will close all running programs, and it may ask you to restart computer.


    2. Go to Kaspersky website and perform an online antivirus scan.

    1. Disable your active antivirus program.
    2. Read through the requirements and privacy statement and click on Accept button.
    3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    4. When the downloads have finished, click on Settings.
    5. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
    6. Click on My Computer under Scan.
    7. Once the scan is complete, it will display the results. Click on View Scan Report.
    8. You will see a list of infected items there. Click on Save Report As....
    9. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
     
  19. 2010/07/10
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Are you still out there?
     